[Snort-sigs] Snort Blog: Snort 2.9.11.1 has been released!

Joel Esler (jesler) jesler at cisco.com
Thu Jan 4 11:25:22 EST 2018



http://blog.snort.org/2018/01/snort-29111-has-been-released.html

Snort 2.9.11.1 has been released!

Release Notes:

2017-12-06 - Snort 2.9.11.1
New Additions


  *   Added support to block portscan. In addition to tracking the scanning packets, action (drop/sdrop/reject) will be taken for all the packets, which means Snort will block the packet and generate logs.
  *   Added support to re-evaluate reputation after reputation update for all flows except those that have already been blacklisted.

Improvements


  *   Fixed issue to detect RTP up to two SSRC switches in each traffic direction.
  *   Fixed issues related to HTTP POST header flushing, calling file processing directly if it is not a multipart header and changes to avoid expensive copy of segment data by not splitting them when flushing headers.
  *   Fixed issue of triggering protocol sweep alert when there are multiple destinations from single source IP protocol scan.
  *   Added changes to fix IP portscan for protocol other than ICMP and fixed issue of bad fragment size event not being generated for oversized packets.
  *   Added changes to use raw data in case of PDF and SWF files during file processing for SHA calculation and Malware Cloud Lookup.
  *   Fixed issue of correct session matching for TCP SYN packets without window scale option so that FTP data channels match the same rule as FTP control channels.
  *   Fixed issue of applying new configuration in file inspection after Snort reload.


We'd like to thank the following Snort Community members for working with us to fix issues released in 2.9.11.1:


Markus Lude

BlueSky

David Binderman

You can download Snort version 2.9.11.1 from its usual location on Snort.org<https://snort.org/downloads>.  Talos<https://www.talosintelligence.com/> will be releasing the ruleset for 2.9.11.1 later today (January 4th, 2018).

As always, you can report issues with Snort via our Snort-devel mailing list<https://snort.org/community#mailing_lists>, and continue discussion for users on our Snort-users mailing list<https://snort.org/community#mailing_lists>.


Thanks for your support of Snort and Happy New Year!


--
Joel Esler | Talos: Manager | jesler at cisco.com





